1. Field of the Invention
The present invention relates to a user terminal device and a method for controlling the same. For example, the invention relates to a user terminal device constituting part of a thin client system that consolidates user data into a file server and prevents loss and leakage of confidential information, and a method for controlling such a device.
2. Background Art
In recent years, thin client systems have been devised as a system that prevents diffusion of critical data stored in a file server by way of user terminals. As such a thin client system, a terminal (a diskless. PC) that does not have a built-in nonvolatile secondary storage device is typically used. However, there also exist systems that use a PC (personal computer) having a write-controlled secondary storage device as a thin client terminal. For example, Reference 1 (JP Patent Publication (Kokai) No. 2007-172063 A) discloses a terminal having a secondary storage device in which, upon issuance of a write request from an application to the secondary storage device, the write request is redirected to a primary storage device (cache memory), whereby writing to the secondary storage device is controlled and a terminal that does not have secondary storage in semblance is realized.
When a PC having a write-controlled secondary storage device is used as a thin client terminal, the load on the server can be lighter than a case in which a diskless PC is used. Thus, the cost for constructing infrastructures and the like can be advantageously reduced. With such a system, it is possible to prevent diffusion of critical data stored in a file server, to prevent the OS setup from being improperly changed by a user, and to prevent installation of applications.
However, since the system of Reference 1 does not allow for storage of system update data such as an OS patch into the secondary storage device, the system cannot be kept up-to-date. In contrast, a system as disclosed in Reference 2 (JP Patent Publication (Kokai) No. 2008-59501 A) has been proposed as a system in which only the system update data is allowed to be stored into a secondary storage device of a user terminal. In Reference 2, two filter devices that are a write-permission filter device and a write-inhibition filter device are generated at a lower level of a file system. A file access control driver, which is a filter driver located at a higher level of the file system, detects file access from a write-inhibited application, and redirects such access to the write-inhibition filter device. Accordingly, it is possible to control the storage operation on a file basis or folder basis when performing writing to the secondary storage device. With such means, it is possible to store only the system update data into the secondary storage device of the user terminal to keep the system up-to-date.